nix-infra/config/hosts/mjolnir/mjolnir.nix
June 68f11ad955
mjolnir: allow use of deprecated, somewhat insecure libolm
Do this to be able to update the moderation bot and because the security
issues apparently aren't real world exploitable:
https://matrix.org/blog/2024/08/libolm-deprecation/
2024-09-30 23:20:06 +02:00

36 lines
1 KiB
Nix

# Sources for this configuration:
# - https://github.com/matrix-org/mjolnir/blob/main/docs/setup.md
# - https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml
{ ... }:
{
# Allow deprecated, apparently somewhat insecure libolm to be able to update
# the moderation bot.
# The security issues aren't real world exploitable apparently:
# https://matrix.org/blog/2024/08/libolm-deprecation/
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
services.mjolnir = {
enable = true;
homeserverUrl = "https://matrix.hamburg.ccc.de";
managementRoom = "#moderation-management:hamburg.ccc.de";
settings = {
verboseLogging = false;
};
pantalaimon = {
enable = true;
username = "moderation";
passwordFile = "/run/secrets/matrix_moderation_user_password";
options = {
ssl = true;
};
};
};
sops.secrets."matrix_moderation_user_password" = {
mode = "0440";
owner = "mjolnir";
group = "mjolnir";
restartUnits = [ "mjolnir.service" ];
};
}